Point-of-sale (POS) terminals allow customers to pay for purchases using a wide variety of payment methods, such as with credit cards, debit cards, and ATM cards, among others. Payment information typically is encrypted before transmission from the POS terminal to a payment center, and also may be secured through other means, such as authentication using a personal identification number (PIN) entered by the customer on a keypad. Ideally, a POS terminal should be configured to detect attempts to tamper with the keypad area, to avoid the possibility of fraud by, for example, illicitly recording or otherwise intercepting unencrypted PIN numbers or other information.
Typically, a POS keypad is constructed of silicone rubber or a similar material, and detection of tampering usually is accomplished with a group of security switches used in conjunction with one or more printed circuit boards (PCBs) embedded in or under the keypad. For example, a POS terminal may include a pair of circuit boards, with a conductor disposed between the circuit boards such that when the case of the terminal is opened, an electrical connection between the circuit boards is broken, triggering a tamper detection circuit.
Alternatively, the POS keypad may include conductive “pills” that short across patterns of traces on a single PCB, and which function as security switches. FIG. 1 shows a partially exploded view of the top portion of such a prior art POS terminal, generally indicated at 10. Terminal 10 includes an outer case (of which the top portion 12 is shown in FIG. 1), a keypad 14, and a PCB 16. As indicated, one or more security switches 18 may be attached to or formed integrally with the keypad. Security switches 18 generally are formed from carbon or another suitably conductive material, and are configured to make conductive contact with at least two separate conductive traces on the PCB when the terminal is assembled, thus completing a circuit. If the keypad is separated from the PCB, the circuit is broken, prompting one or more security measures (such as disablement of the terminal).
The methods of tamper resistance described above are simple and cost-effective, but may be prone to attack by insertion of a foreign conductor. For example, FIG. 2 depicts a sectional view of prior art system 10 of FIG. 1 being attacked by a hypodermic needle 20 filled with a conducting fluid. The hypodermic needle is easily pushed through the soft silicone of the keypad at the top surface of the terminal, and an attacker may use the needle to probe between the soft key tops 22 and the edges 24 of the keypad openings in the case, until the tip 26 of the needle reaches the security switch locations. A conductive liquid then may be injected into the security switch area, permanently shorting the security switches, and allowing the attacker to remove the keypad.
One method of protecting against the type of hypodermic needle attack described above has been to make the keys of the terminal keypad very tall relative to their length and width, which limits the insertion angle of the needle. However, this is unsatisfactory because it makes the terminal larger and heavier than necessary, limits the size of keys, and increases the cost and difficulty of making the parts.
Alternatively, one or more PCBs of the terminal may be embedded (or “potted”) in epoxy resin, effectively integrating the keypad and PCBs into a single module and preventing removal of the PCBs. However, this approach prevents removal and servicing of the PCBs by authorized—as well as unauthorized—personnel, and also may be subject to attacks involving epoxy solvents. Thus, a need exists for an enhanced POS terminal security system, to resist attacks effectively while still providing relatively convenient authorized access to the interior of the terminal.